Results 1 to 18 of 18
Thread: what next !!!
-
08-08-2002, 03:36 PM #1Web Hosting Guru
- Join Date
- Jul 2002
- Posts
- 311
what next !!!
Hello fellows !!
i just got my server and the WHM & Cpanel all set,(my ISP set that up) and i m not that good at setting up security on webserver.
so, what do i need to do next in order tighten up my server, any help guys as to how do i do it ?
expecting any links, notes, descriptions, help or comments etc. etc.
thanks
-
08-08-2002, 03:48 PM #2New Member
- Join Date
- Aug 2002
- Posts
- 1
Hi oc3, security is a pretty complex thing, the "easiest" thing to do, which will still keep you pretty secure, would be to make sure all of the applications run which are bound to a port, or which are used along side apache, are ALWAYS up to date, with the latest security patches. Don't allow anonymous access on anything.
Don't allow your user's to allow anonymous access on FTP.
If you'd like a friend of mine to give your server the highest security possible at this current time, send me a private message and we can sort a price out.
-
08-08-2002, 04:10 PM #3Quick, poke it with a stick!
- Join Date
- Jul 2001
- Location
- Troy, Missouri USA
- Posts
- 1,299
WHM/Cpanel
At this time WHM/cPanel is the best control panel out there so you are offf to a good start.
Whm/cPanel updated it's self every night, so that is a big help. One importent thing to remember is that you have a cPanel/Linux server not just a Linux server. What I mean is that cPanel makes changes to files that you would not see on a regular Linux box.
So if you were to install something that overwrote one of these configuation files it could me trouble.
Search here or at http://cpanel.net before you think about adding any features like, Java, ASP, or Mod_Gzip.
Do not offer telnet period, or SSH unless you know why the client need access to it. Many hosts get a copy of a photo Id first.
Use a good password with mixed chars. like: 1ThiS~Ab2
Don't ever give anyone root unless you are sure about that person. If you need something done to the server use someone from you host. If you do use someone else check that person out very carefully. If they don't have a few good references forget about them. There are some on this board that have been around while.
Sending the root password through email is not a good idea either.
Good LuckSitekeeper
Google
-
08-08-2002, 04:11 PM #4WHT Addict
- Join Date
- Jul 2001
- Posts
- 145
hmm let me see...though not necessarily in this order:
1) really understand you OS!
2) see number 1
3) see number 2
4) update and install the latest patches
5) only enable the services that you really need and stop all the other services that you don't.
6) don't use telnet but use ssh to connect to your server remotely. if possible never telnet/ftp out from your server to a different server. this is a security risk.
7) check out www.securityfocus.com - an excellent resource.
8) make a backup of all your binaries on a fresh OS install in case you need it in the future.
there's more to security than what i've mentioned above. there were just some that I could think of...spam --> /dev/null
-
08-08-2002, 04:21 PM #5Web Hosting Guru
- Join Date
- Jul 2002
- Posts
- 311
thank you guys soo much....please keep comming !!! its really a booster.
regards
-
08-08-2002, 04:46 PM #6Web Hosting Master
- Join Date
- Oct 2001
- Posts
- 1,319
I am far from a security expert but you should make the .. i dont know what they are officially called... MD5 checksums of important binaries and store them so you can compare them at a later date, remove unrequired entries in the password files, whatelse... I guess what everyone else was saying, update update update...
Avi B
-
08-09-2002, 05:22 AM #7Newbie
- Join Date
- Aug 2002
- Posts
- 22
I'm surprised no one has mentioned make sure that you access your server ONLY via SSH - NEVER use Telnet; ensure that you have the latest and greatest OpenSSH installed; prefer the use of Secure FTP and just be sensible with your user policies.
-
08-09-2002, 05:34 AM #8Quick, poke it with a stick!
- Join Date
- Jul 2001
- Location
- Troy, Missouri USA
- Posts
- 1,299
(6) don't use telnet but use ssh to connect to your server remotely. if possible never telnet/ftp out from your server to a different server. this is a security risk.Sitekeeper
Google
-
08-09-2002, 06:27 AM #9Newbie
- Join Date
- Aug 2002
- Posts
- 22
Cheers.. reading too fast and missed it!
-
08-09-2002, 08:52 AM #10Web Hosting Guru
- Join Date
- Jul 2002
- Posts
- 311
Is that all,
so, i can take it as if it is done, and need not worry much about it.
regards/-
-
08-09-2002, 12:21 PM #11Web Hosting Master
- Join Date
- Jan 2002
- Location
- Kuwait
- Posts
- 679
Originally posted by oc3
Is that all,
so, i can take it as if it is done, and need not worry much about it.
regards/-
Code:1) really understand you OS! 2) see number 1 3) see number 2
I would like to add one more thing, read a security book. I read "Hacking Linux Exposed" myself and I find it great.
-
08-13-2002, 02:18 PM #12Web Hosting Master
- Join Date
- Aug 2002
- Posts
- 655
never allow shell access to your customers, i believe 95% of servers are hacked because of this, turn telnet off, use only ssh to access yourself. make sure you allocate /bin/false shell to all your customers.
-
08-13-2002, 02:51 PM #13WHT Addict
- Join Date
- Jul 2002
- Location
- New Hampshire
- Posts
- 154
never allow shell access to your customers,When you say "I wrote a program that crashed Windows", people just stare at
you blankly and say "Hey, I got those with the system, *for free*".
-- Linus Torvalds
-
08-13-2002, 03:02 PM #14Disabled
- Join Date
- Jun 2002
- Location
- North Pole
- Posts
- 115
Originally posted by hostchamp
never allow shell access to your customers, i believe 95% of servers are hacked because of this, turn telnet off, use only ssh to access yourself. make sure you allocate /bin/false shell to all your customers.
I only provide shell access to customers that have had an account for over 3 months.
-
08-13-2002, 10:55 PM #15Web Hosting Master
- Join Date
- Dec 2000
- Location
- The Woodlands, Tx
- Posts
- 5,974
Originally posted by sitekeeper
At this time WHM/cPanel is the best control panel out there so you are offf to a good start.
On another note, I visited your site. Reading the part about mod_gzip, thought I would update you about the new one, mod_hs. It's by the same makers, but it's not free. It's $1500 per CPU. I am about to test it to see if it's worth it...
-
08-14-2002, 04:23 AM #16Web Hosting Master
- Join Date
- Aug 2002
- Posts
- 655
If you use the right directory permissions, your server will be secure. Don't use the right permissions, your just asking for it.
the elf could you pls elaborate on the above, may be i can learn too.
-
08-14-2002, 07:37 AM #17Web Hosting Guru
- Join Date
- Jul 2002
- Posts
- 311
ssh setup
Hello,
so, can some one tell me how do u go about setting up a secured ssh on the server. i mean in detail !!!
Thanks
-
08-14-2002, 10:32 AM #18WHT Addict
- Join Date
- Jul 2002
- Location
- New Hampshire
- Posts
- 154
While I believe that shell access is important for my web hosting and I also think it should be an option for service I don't agree with the following:
If you use the right directory permissions, your server will be secure
I don't think thats a great reason for disallowing this access however. Just subscribe to bugtraq, know your security and update as soon as there is a problem.
SadistikalWhen you say "I wrote a program that crashed Windows", people just stare at
you blankly and say "Hey, I got those with the system, *for free*".
-- Linus Torvalds